The lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. By default, Microsoft Dynamics CRM Server 2011 is configured to display the
Authentication is Required dialog box 20 minutes before the token expires.

In the Authentication is Required dialog box, if you click
Cancel, the token expires as indicated. When the security token expires, you will need to start a new browser session to Microsoft Dynamics CRM to access your data. Any unsaved changes will be lost.

In the Authentication is Required dialog box, if you click
Sign In, the Sign-Out page appears. When you close the Sign-Out page, one of the following occurs:

If you have not deployed an Internet-facing deployment (IFD), you will automatically re-authenticate with domain credentials and a new security token will be issued.

If you have an IFD deployment, you will be required to re-authenticate by entering your credentials on the login page.
"

The solution is to set the ADFS Timeout. The ADFS timeout determines how long the claims token will live in the system before requiring a re-authentication or signin from the user. This can be set on the internal and external sides of ADFS. You will need
to know the names of your ADFS relying party trusts.

To begin, open the ADFS Management Console:

Open the left hand navigation, expand relying parting trusts to find the display names:

Now, run the Windows Powershell from the machine with ADFS installed.

For Windows 2008 Server, you will need to add the PSSnapin from the ADFS Command Prompt:

(In Windows 2012 and later, the ADFS role is pre-installed and you can move on to the next step.)

Using the Internal Relying Party Trust Display Name from the ADFS wizard above, enter this command where the dev.mydomain.com is the name of your internalcrm ADFS Relying Party Trust
Display Name.

The last line of the results specific TokenLifetime will say how long the current time out is set.

Set the timeout to 480 for 8 hours ( minute increments). Example below is (240).

Now, set the timeout is set. You can follow the same steps to review or set your external timeout as well. It's not a good security practice to set your external lifetime greater than 1 hour, as somebody who logins in remotely and forgets to logout, the
session will be active until that timeout period is reached.